Date: Mon, 25 Oct 1999 14:25:18 -0500 From: "David L. Aldridge" <dlac@aldridge.com> Cc: FreeBSD-Stable <freebsd-stable@FreeBSD.ORG> Subject: Re: IP aliasing Message-ID: <3814AE9E.A910FBAF@aldridge.com> References: <Pine.BSF.3.96.991020115200.13144B-100000@workhorse.iMach.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Forrest, I am creating virtual ip's on my system, by adding aliases during boot. But I can't reach the IP from the machine itself. When trying to connect from other hosts, it works! I can reach the server from other boxes on the network and the Internet, but can't just lynx or ping to it from the server itself. Can you tell me why this happens? I have more than 100 ip based virtual hosts on a box. During boot, rc.local evokes: ifconfig ep0 206.180.151.123 netmask 0xffffffff alias If I try to ping 206.180.151.123 from the box, it fails and syslog reports: Oct 24 21:40:34 TripleCrown /kernel: arplookup 206.180.151.123 failed: could not allocate llinfo Oct 24 21:40:34 TripleCrown /kernel: arplookup 206.180.151.123 failed: could not allocate llinfo Oct 24 21:40:34 TripleCrown /kernel: arpresolve: can't allocate llinfo for 206.180.151.123rt Oct 24 21:40:34 TripleCrown /kernel: arpresolve: can't allocate llinfo for 206.180.151.123rt If I then remove the address from the interface with route -d xxx.xxx.xxx.xxx and then do ifconfig ep0 206.180.151.123 netmask 0xffffffff alias, I can then ping the address from the box. "Forrest W. Christian" wrote: > > On Wed, 20 Oct 1999, Will Mitayai Keeso Rowe wrote: > > > I noticed on another server's box that they alias IP addresses to their > > loopback interface rather than their Ethernet interface. Is their any > > benefit/detriment to doing this? > > Here's the rule I use: > > If the IP address you are adding is "Naturally" on the ethernet add it as > an alias to the Ethernet interface. > > If the IP address is on a different subnet than the Ethernet, add it as an > alias on the loopback. > > For example, let's say you're doing web hosting. For a small number of > hosts, you might just want to use some unused addresses on your ethernet. > For example if your ethernet is the subnet 192.168.1.0/24 (the entire > class c) then, you could utilize any of the unused addresses from > 192.168.1.1 through 192.168.1.254 as a "alias" interface address. In this > case, you would add them to the Ethernet interface. > > On the other hand, if you are going to be doing a lot of web hosting (or > more simply put, more than the ethernet subnet has available) then you > probably want to set aside another block just for web addresses. For > example, 192.168.2.0/24. In this case, you would add the addresses to the > Loopback interface. You will also need to add either a host or a subnet > route to your router pointing to the ethernet interface on your box. > > For example, my main box is configured as follows: > > bash$ ifconfig -a > ed1: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500 > inet 206.127.77.89 netmask 0xfffffff0 broadcast 206.127.77.95 > inet 206.127.77.81 netmask 0xfffffff0 broadcast 206.127.77.81 > inet 206.127.77.91 netmask 0xfffffff0 broadcast 206.127.77.91 > ether 00:00:1b:3c:a5:cc > lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500 > tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 > inet 127.0.0.1 netmask 0xff000000 > inet 206.127.77.129 netmask 0xffffffff > inet 206.127.77.130 netmask 0xffffffff > inet 206.127.77.131 netmask 0xffffffff > inet 206.127.77.132 netmask 0xffffffff > inet 206.127.77.133 netmask 0xffffffff > inet 206.127.77.138 netmask 0xffffffff > inet 206.127.77.139 netmask 0xffffffff > inet 206.127.77.140 netmask 0xffffffff > inet 206.127.77.141 netmask 0xffffffff > inet 206.127.77.142 netmask 0xffffffff > > You could argue what the netmask should be in each case, but I generally > use the same netmask as the ethernet interface on the aliases added to the > ethernet, and a "host" netmask of 0xffffffff on the loopback interface. > > Not to confuse the issue, but I believe that if you add an address to the > loopback out of the range on the ethernet you also need to do some > proxy-arp configuration (at least you used to). This is the real reason > you should add the "ethernet" to the ethernet. Conversely, if you add > "loopback" addresses to the ethernet, depending on the subnet and the > state of the ip forwarding flag in the kernel, you may have interesting > routing problems such as the machine trying to send packets for the subnet > but not on the localhost out the ethernet. (This last paragraph is > oversimplified- If you'd like a more technically accurate description, > e-mail me privately). > > - Forrest W. Christian (forrestc@imach.com) KD7EHZ > ---------------------------------------------------------------------- > iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com > Solutions for your high-tech problems. (406)-442-6648 > ---------------------------------------------------------------------- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message -- David L. Aldridge The Aldridge Company 281.368.0166 (fax: 281.368.0381) http://www.aldridge.com/ Powered by Pentium/FreeBSD/Apache - Because it works. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3814AE9E.A910FBAF>